Newspaper Editorial Insists Hackers Must Be Punished, While Misunderstanding Nearly Every Detail

from the apparently-never dept

We just recently wrote about a trio of recent situations -- all involving young hackers probing for information, leading to either criminal charges or threats of criminal charges against them -- that show what happens when people in power don't understand how technology works. They were all cases where the individuals involved may have done things that some would think inconsiderate, but that hardly should rise to the level of "criminal" behavior -- especially with threats of many years in jail. Presenting the flipside to that argument: the editorialists at the Toronto Globe and Mail, who show why those who don't understand technology have no business writing about it. The editorial is headlined When did it become wrong to punish hackers?, which already suggests problem number one. Hacker is a generic term that does not automatically imply malicious attacks, yet the Globe and Mail immediately seems to assume otherwise. That might be news to the US government, which just announced its own National Day for Civic Hacking (despite filing charges against such civic hackers...).

A Montreal school is being widely criticized for expelling a student who hacked into its computer system and helped expose flaws in the system’s security. The student now has been offered jobs by computer security companies, including the one that ran the system he hacked into. In the Internet age, the hacker is celebrated as a hero and the school is pilloried for being an overbearing, defensive holdover from a bygone age. It’s an unfair presumption that needs to be corrected.

That's one version of the story. The hacker is celebrated as a hero because he did something useful: exposed a security flaw that could have been used by someone malicious for nefarious purposes. We generally want to celebrate those who spot danger and warn people away from it. And the school is being pilloried because it expelled this person. Without Ahmed Al-Khabaz's help, the data of students would be at risk. Doesn't it seem somewhat overbearing to blame the messenger? What exactly is "unfair" about the presumption? After pointing out that Al-Khabaz "discovered a serious flaw" the editorial still supports his expulsion, apparently entirely based on the fact that the company, Skytech, felt his probing was an attack:

... Mr. Al-Khabaz then went on and carried out what the company considered to be a “cyber-attack” on the school’s production servers. The company notified the school, and Mr. Al-Khabaz was hauled on the carpet. The company accepted the student’s explanation and noted that he “demonstrated great talent in computer science.” They dropped the matter and offered Mr. Al-Khabaz a job, but Dawson’s administrators felt the student had gone too far and expelled him on the grounds he had violated the college’s code of conduct.

What the company considered a "cyber-attack" could also be described as "checking to see if the flaw was fixed." And, clearly, they didn't think it was a huge problem if they offered him a job, and noted his "great talent." So why does the school still think he went too far?

Dawson’s officials are right: Rules exist for a reason, and students cannot expect to break them without consequence. Why have them, otherwise?

Ahhhhhh. Rules are rules. Rules exist for reasons, but sometimes those reasons are bad. And punishing people for breaking rules in ways that help people seems like sending the exact wrong message. Sometimes rules should be broken, because the rules are wrong.

The editorial then moves on to Aaron Swartz:

Swartz, who had a history of depression, was facing a slew of charges for allegedly downloading publicly funded academic journals from a large database that charged a fee for access. His family and supporters blame overzealous prosecutors for his death; the prosecutors insist – again, quite rightly – that “stealing is stealing.”

Uh, "stealing is stealing" is a tautology, so of course it's right. But what's "wrong" is arguing that what Swartz did was "stealing." He stole nothing. He downloaded papers from MIT's open network, which was set up with a site license from JSTOR allowing open downloading of those journal articles, all of which remained on the site for anyone else to download.

Go ahead, explain what was "stolen"?

In the age of the Internet, the massive downloading for free of music and movies and other copyrighted material has muddied the waters for many people.

It seems to have "muddied the waters" for the editorial writers of the Toronto Globe and Mail who don't seem to realize that neither case had anything to do with the "massive downloading for free of music and movies."

They seem to have forgotten that privacy rights and copyright laws are among the foundations of our economy. These are things that are not to be shoved aside by the absolutism of Internet activism.

Oh really? If privacy rights are the foundation of the economy, then, er, isn't it a good thing that Al-Khabaz alerted officials to a hole that exposed the private info of students. He did nothing to compromise anyone's privacy rights at all. Similarly, Aaron Swartz did not violate any copyright law, and he was not charged with copyright law violations.

So, seriously, how does a huge mainstream publication like the Globe and Mail get away with writing a piece of garbage this ridiculous? It claims things that simply aren't true, completely flips around reality, and then seems to wrap it up in some bizarre "rules are rules" argument, that makes no sense since the rules it says people violated... weren't even violated.

And the Globe and Mail thinks people should pay its meter to access this kind of crap?

Tautologies

My apologies in advance for taking one small element out of this article and expanding on it. Yet perhaps it is the crux of the incorrect viewpoints and interpretations behind the outdated view of things.

You would think that smart people would recognize that STEALING is not in fact always equal to STEALING and if you boil complex issues down to false tautologies, you are going to have unintended consequences that ruin people's lives.

Then of course you can get back to the point that COPYRIGHT INFRINGEMENT != STEALING or VIOLATING ACCEPTABLE USE POLICIES != STEALING to completely blow up their argument.

(By the way, Toronto's Globe and Mail has fallen so far from its peak as a widely respected source of news and opinion that I am hardly surprised at their clueless stance on this issue.)

The funny thing about Mr. Swartz

Everyone goes off about how he must be punished for trespassing and copyright infringement...and yet nowhere in the indictment or the superseding indictment did it mention any law dealing with copyright or trespass.

It's as if people just see some behavior they don't approve of, and at that point any punishment at all is justified, even if the punishment has nothing to do with the crime.

And a follow up on the noble Aaron Swartz

Aaron Swartz versus the Phantom Giant

When Aaron took on SOPA, he took on AT&T and as he was later to find out, Chris Dodd, whose family has been on retainer to the Rockefeller family for generations, dating back to their ancestor, Samuel Calvin Tate Dodd, the attorney to John D. Rockefeller, who created a holding company each time Rockefeller’s Standard Oil supposedly sold off a business unit (during the court-ordered breakup), moving the stock ownership to the holding company, then in turn establishing ownership of said holding company at one of Rockefeller’s foundations and/or trusts.

Chris Dodd’s father, Thomas Dodd, had no less than at least three Acts of Congress passed in futile attempts to curb the famous Dodd corruption (most notably F.A.R.A., or the Foreign Agents Registration Act, and amendments to it).

Are the Dodds still working for the Rockefeller family? Well, that depends on the mystery ownership of AT&T. Going back to the early 1900s, John Moody, the original founder of the infamous Moody’s rating service, said that AT&T was part of the Rockefeller Trust, originally financed by Morgan, but either sold, traded or shifted over to Rockefeller.

We do know that AT&T loves Senator Jay Rockefeller, and that Jay Rockefeller loves AT&T, as witnessed by the manner in which he led the way in the Senate to grant them retroactive immunity regarding the warrantless wiretapping during the Bush Administration (which continues on, BTW).

“Chairman Rockefeller has long made public safety and national security a top priority for this country. We applaud his commitment to the public safety community and his tireless efforts to ensure that first responders have the resources they need to support a nationwide wireless broadband network. This legislation will result in a truly interoperable public safety network and will free up new spectrum and establish funding mechanisms to support the operation and maintenance of this critical network.”

Many people don’t realize that the old AT&T has been reconstituted back to its original, albeit even more powerful and richer self, thanks in part to Bill Clinton’s signing of that Telecommunications Act of 1996 --- all except Verizon, but in tracking the circuitous ownership of Verizon it appears to lead back to the same ownership as AT&T!

We used to marvel, back in the late 1970s, how AT&T set out to destroy the telecom upstart, MCI, which would have shortly gone out of business, had not AT&T pulled their access to long distance lines, thereby allowing MCI legal recourse, eventually netting MCI enough monies (from the legal settlement with AT&T) to continue on with their precarious business existence for a few more years.

AT&T --- and the Rockefeller family --- has only one strategy: the scorched earth policy!
Now, former IMF stooge and presently an economics prof at MIT, Simon Johnson, would have us believe that the Rockefellers, led by the crafty David Rockefeller, gave away their billions to “charity” --- they morphed from murderous robber barons to “philanthropists”?

So the Rockefeller family, worth an estimated $30 billion in 1960 (when one billion was an unimaginable sum), are now only worth $2 billion?

Puuuhlease --- repositioning the Rockefeller fortune to various foundations, trusts and unregistered trusts to hide their wealth and ownership was, and still is, the standard tax dodge; nothing particularly surprising there. (The norm today is to create an LLC, or Limited Liability Corporation, owned by a holding company, in turn owned by an offshore trust.)
One can only imagine what their true net worth is today?

So who owns AT&T today? Look for a Dodd underneath a rock(efeller) and you’ll know the answer.

The Rockefeller Hit Parade:

From the bloody Ludlow Massacre, and the Rockefeller chain gangs, to their secret oil shipments to the Nazis during World War II, to the murders of John F. Kennedy, Martin Luther King, Jr., Bobby Kennedy and the recent death of Aaron Swartz, the bloody prints of the Rockefeller family are evident!

Re:

Never mind. I found it.

Apparently, the prosecutors have been misinterpreted. What they really meant is: "stealing is wire fraud, computer fraud, unauthorized access to a computer system, and damaging a computer system" or the opposite, I'm not quite sure, but I am quite positive he was not charged with anything resembling stealing.

Dawson’s officials are right: Rules exist for a reason, and students cannot expect to break them without consequence. Why have them, otherwise?

This is frightening and, frankly, dangerous thinking. Once a rule is made, it must be obeyed at all times, no matter how ridiculous it is? Once a law is penned, it has clearly withstood all possible scrutiny and must be slavishly followed, no matter how idiotic or unenforceable it becomes?

Rules exist for a reason, alright: someone thought it would be a good idea if they were rules. Just because that happened, however, does not make them good; and if more good can come about by breaking the rules, then I think any actual sane person would agree that the rules are not good.

Re: Tautologies

I read that editorial yesterday and can't believe it that the Globe and Mail published it.

The best part is that, while they say that privacy rights are important, their own website creates at least 12 cookies. What the Globe and Mail meant to say was that "our privacy rights" as in the Globe and Mail's was important.

For an analogy, all Ahmed Al-Khabaz did was realize that a door was unlocked. He told the owner of said door, who replied "Thank you, I'll get that locked". A few days later he walked past the same door, figured he check it again by turning the handle. It was still unlocked. For this he has been punished. Why?

Re: Re: Tautologies

Excellent! You are thinking like a prosecutor: "Hey! Look, we can charge him with BOTH auto theft and shoplifting... oh and vehicular misappropriation and highway robbery and non-pedestrian pilfering... maximum sentence is 300 years in prison but we can whittle it down to four years in a plea agreement. Look how lenient we're being. I tell ya: doing good feels good."

Code of Conduct

Typically, a college's code of conduct is rather strict and enforced rather strongly, except when dealing with certain drugs and alcohol. Dispelling on the grounds of such a violation is usually outside the bounds of acceptable punishment in the rest of society.

The focus, in this incident, should be around revising the code of conduct to account for intent and provide escalating punishments for repeat offenders, rather than heading straight for the highest level available.

Still, given the enhanced rules in effect per the discretion of the college and the fact that this matter does fall within the legal scope of the college itself:

I have to side with the college being allowed to preserve its governmental rights with respect to its property and services.

Re: Code of Conduct

"I have to side with the college being allowed to preserve its governmental rights with respect to its property and services."

I think you left out the part where you explained why you're siding with the college.
The situation with Mr. Al-Khabaz has one disastrous result that quite plainly you didn't think of: if you're a student at their school and you discover a computer vulnerability, you will be expelled for revealing it. That only makes computer systems more insecure, as now people are more reluctant to audit their security, not if they're going to be punished for it.

Re: Code of Conduct

First, it is a college - they should be teaching people to think, not teaching people HOW to think.

Second, what is the lesson they are trying to teach their students? If you see a problem, for goodness sake, don't try to fix it or make anyone aware of it. Instead, you should brush it under the rug and pretend it isn't there. Oh, and if the problem could hurt you, please cross your fingers.

Alas, Poor Globe, I knew him, Horatio...

The Globe used to be CAnada's premier paper, a slightly right of (Canadian) center version of the nytimes or wapo.

Unfortunately they've been getting creamed by the National Post (Which used to be further right but have backed off that), who took all their best columnists and continues to provide better online experience.

I used to read the Globe, but the sheer idiocy of their tech reporting, combined with a completely uncritical report on personality profiling based on blood type, drove me away.

The Globe is dying, and has basically had its lunch eaten by the Post. While the editorial is stupid beyond belief, please don't give it more credence than it deserves. It's analogous to the ramblings of your once great uncle who did amazing things but now spends his days yelling at furniture and getting lost on his way to the mailbox.

Re: Spelling Mistake

usual situation, then. those that dont have a clue make decisions that affect the lives of others for ever. i wonder how they would feel if the situation were reversed, especially, from what i read elsewhere, that 14 of 15 computer teachers were in favour of expelling the guy. that really smells like a lot of threatening and/or bribing went on, probably to please just one person. and all for exposing a flawed system? typical whistle-blowing revenge tactics here!!

I would think that the schools computer science program is going to die out soon from lack of enrollment. Why would anyone want to attend this college if that's how they treat their best and brightest?

Re: Code of Conduct

the fact that this matter does fall within the legal scope of the college itself

And nobody is saying otherwise. All people are saying is that the college is being stupidly wrong and needlessly harming one of its students. The college may have the right to be a bunch of clueless nimrods, but everyone else has the right to call them out for being that.

Re: Re: Re: Re: Tautologies

I actually wonder if any car thief has been charged with that yet.... A lot of the new cars now have the fancy computer controlled ignitions where you no longer use a key. So I would think you could probably get slapped with a computer hacking charge for defeating that system and cranking the car.

Re: Re: Code of Conduct

He was expelled for testing it, not revealing it. But that is ancillary to the point that it is up to those involved with the college to determine what goes into the college's code of conduct.

The college is a private entity and while subject to the laws of the respective governments above it, it also has the prerogative to define its own restrictions on top of those, in so far as they are not discriminatory, exploitative or restrictive on actions taken outside the college's domain.

The public at large has no business in the minutia of where the line is drawn in regards to a college's code of conduct. Those involved with the college certainly have every right to press such matters, but apparently haven't felt it an issue, as general practice by college's is to make the code of conduct a formal binding contract signed at the start of each year or semester.

Not all people or entities are best served by any single set of rules. It is for this reason that there are multiple levels of rules and regulatory bodies. My opinion is that the federal governments (or in this case, it may be more accurate to say the UN, seeing as this is a multi-national response to a Canadian incident) should not be in charge of collegiate codes of conduct.

Tone

One of the things that hard to deal with on the Internet is tone. Everyone that reads an article or a comment adds their own idea of the tone of the message. This is the first article that I have read by Mike where I immediately thought the tone was that he was pissed off by the Globe. I can't wait for the next one!

Re: Re: The funny thing about Mr. Swartz

Just to pile on: Isn't that the fundamental principle behind a totalitarian regime? If everybody is breaking x laws each day, it is always possible to "remove opposition"!

Discretion in enforcement and execution of laws is a bane of democracy. At some point it comes down to the question:
Is it better to convict an innocent or let a guilty go free. If you choose the first, you are dealing with a principle that is diametrically opposed to human rights!

Re: Re: Code of Conduct

Re: Re: Re: Code of Conduct

Now, y'see, if he'd been expelled for EXPLOITING that vulnerability, you'd have a leg to stand on. People wouldn't be arguing with you.
But all he did was check to see if it was there, report that it was there, then check it again. That's not good grounds for expelling someone, breach of contract or no.

Randall: You see, to be quite frank, Kevin, the fabric of the universe is far from perfect. It was a bit of botched job, you see. We only had seven days to make it. And that's where this comes in. This is the only map of all the holes.

Well, why repair them?

Why not use them to get stinking rich?

-- Time Bandits.

Globe and Mail seems to like Randall's idea better than the "let's repair the holes" idea.

Randall: You see, to be quite frank, Kevin, the fabric of the universe is far from perfect. It was a bit of botched job, you see. We only had seven days to make it. And that's where this comes in. This is the only map of all the holes.

Well, why repair them?

Why not use them to get stinking rich?

-- Time Bandits.

Globe and Mail seems to like Randall's idea better than the "let's repair the holes" idea.

Randall: You see, to be quite frank, Kevin, the fabric of the universe is far from perfect. It was a bit of botched job, you see. We only had seven days to make it. And that's where this comes in. This is the only map of all the holes.

Well, why repair them?

Why not use them to get stinking rich?

-- Time Bandits.

Globe and Mail seems to like Randall's idea better than the "let's repair the holes" idea.

Re:

When did it become wrong to...

... hang niggers from the nearest tree?
... throw stones on gays' houses?
... close your wife home and only let her out to accompany you?
... use deadly force to squash all those stupid protesters?
...

I'd really really like to know all that, must have been beautiful times when people could still do all those things.
I'm gonna read Toronto Globe and Mail right now, perhaps the wise men there have answers to these important questions!

Selling a hack

He could have sold the hack had someone not caught him? What was his explanation to the company? Al- Khabaz?? Are you kidding? When did it ever become useful to train Al-queida to fly a jet liner, but not land one? People are understandably a little cautious these days, especially ~higher learning institutions having their system servers hacked (Broke into).. Don't be sympathetic with this act. The company that hired him will hopefully be prudent and keep a huge eye on him. We are on planet earth.. hellO

Re: Re: Re: Code of Conduct

It would be a sad society to live in if, minutia or otherwise, we felt constrained from making observations on moral decisions in organisations that were of concern. Hospitals, schools, universities, armies and corporations are all governed by minutia. As are states. To tell concerned citizens these activities are not their business even when they worry about the morality of these activities raises the question of what exactly do members of society have the right to question.

Can I come and rattle your windows just to see they are safe and secure ir would your call the cops?Do really beleive he was just "checking the security"? As for the IT company would you reall y trust them? I wouldn't.Sorry but he was stealing as he DID take something, read the article carefully.School shoyld do a full audit of every key stroke and see what they find.He is an electrinic burglar.